PEAP vs. TTLS and forward secrecy (was: Re: WPA2 Client Authentication using Radius and remote LDAP server)
Hans-Christian Esperer
hc at hcesperer.org
Thu Sep 20 17:00:26 CEST 2018
On Thu, Sep 20, 2018 at 10:46:45AM -0400, Alan DeKok wrote:
> > Now I wonder whether EAP-PWD, which uses a PSK per user, also provides forward
> > secrecy? My assumption is that it doesn't.
>
> Forward secrecy depends on the cipher suite you select. So "it all depends" is the best answer.
I just discussed this on the #freeradius IRC channel: apparently EAP-PWD always
guarantees forward secrecy. https://tools.ietf.org/html/rfc5931#page-35 7.b.2.
(Security claims)
Cheers
HC